| commit | 2c9a4c731010685b86559c06637aeef2ac5ea06e | |
| author | Taylor Blau <me@ttaylorr.com> | |
| Wed, 25 Jan 2023 19:58:38 +0000 (25 14:58 -0500) | ||
| committer | Johannes Schindelin <johannes.schindelin@gmx.de> | |
| Mon, 6 Feb 2023 08:09:14 +0000 (6 09:09 +0100) | ||
| tree | 94ef671b634c0516c9643aa5e685ca31c0793453 | treesnapshot (tar.gz zip) |
| parent | 0227130244c007870c106fc613903d078730e45c | commitdiff |
| parent | bffc762f87ae8d18c6001bf0044a76004245754c | commitdiff |
Merge branch 'tb/clone-local-symlinks' into maint-2.30
Resolve a security vulnerability (CVE-2023-22490) where `clone_local()`
is used in conjunction with non-local transports, leading to arbitrary
path exfiltration.
* tb/clone-local-symlinks:
dir-iterator: prevent top-level symlinks without FOLLOW_SYMLINKS
clone: delay picking a transport until after get_repo_path()
t5619: demonstrate clone_local() with ambiguous transport
Resolve a security vulnerability (CVE-2023-22490) where `clone_local()`
is used in conjunction with non-local transports, leading to arbitrary
path exfiltration.
* tb/clone-local-symlinks:
dir-iterator: prevent top-level symlinks without FOLLOW_SYMLINKS
clone: delay picking a transport until after get_repo_path()
t5619: demonstrate clone_local() with ambiguous transport